Title:  Cyber Security Assessment Manager

We are JTI, Japan Tobacco International, and we are present in 130 countries. We have spent years innovating, creating new and better products for the consumers to choose from. This is our business. But not only. Our business is our people. Their talent. Their potential. We believe that when they are free to be themselves, and they are given the opportunity to grow, travel and develop, amazing things can happen.

That’s why our employees, from around the world, choose to be a part of JTI. It is why 80% of employees feel happy working at JTI. And why we’ve been awarded Global Top Employer status, ten years running. 

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more: jti.com

Department: Cyber Security Center

Duty Post: Taguig City

Hiring Manager: Technical Security Center Director

Role: Permanent

CYBER SECURITY ASSESSMENT MANAGER

What is this role about?

The mission of the Technical Security Centre team is to provide security expertise and best practices to other IT functions by ensuring consistent and high security standards are applied in the development and ongoing evolution of the JTI IT infrastructure and business applications. The scope includes, but is not limited to, corporate network, workstations, servers, mobile devices, business applications, Internet and related IT services.

This position will be responsible for ensuring that all business critical IT applications are implemented in a secure manner and not vulnerable to internal and external threats. 

The incumbent will be responsible for working closely with functional and technical teams globally supporting the application security assessment activities, performing controlled security assessment, code reviews and penetration testing. The incumbent will be responsible, in collaboration with the Technical Security Centre team, to produce technical security reports, present the results to the relevant stake-holders to achieve buy-in and corrective action commitment, and to follow-up on the required corrective actions.

He/She also works closely with other TSC colleagues to help review new technical solutions from a security assessment standpoint in accordance with the security and business requirements. The incumbent will be responsible, in collaboration with Technical Security Centre team, to establish and follow-up on security assessment requirements. The incumbent is responsible for staying abreast of evolving technology and keep management aware of new trends, technology and security industry best practices and how they could be incorporated as part of the global technical security strategy.

What will you do?

1) Cyber Security

• Accountable for ensuring that business solutions are secured against internal and external threats and hacking
• Conduct appropriate security assessments & Penetration Tests as required by the TSC team and follow up with IT teams on recommendations and corrective action implementation.
• Self position as subject matter expert and reference for security assessment activities.

2) Change / Service Request Management

• Ensure proper technical recommendations and effort analysis are provided in a timely manner, for all change and service requests related to security assessments assigned to him/her.
• Provide technical security expertise, ensure technical solutions follow best practice & JTI standards and are implemented accordingly.

3) Policies & Procedures

• Participate in the review and maintenance of policies, procedures, standards and guidelines in the area of responsibility
• Ensure policies, procedures, standards and guidelines are consistently applied in all solutions, projects and initiatives

4) Risk Control

• Deliver regular and consistent input and reports to support the JTI compliance, audit and risk control teams.

5) Cooperation & Communication

• Work in close cooperation with and provide necessary support to global and local IT teams (GDC, BTS, I&O) ensuring proper / frequent updates to TSC Team Members.

6) Operations & Incident Management

• Ensure that security operations aspects are taken into account when assessing or approving new solutions
• Provide expertise and help on troubleshooting complex cyber security and technical incidents in the area of responsibility

Who are we looking for?

• University degree in Computer Engineering, Software Development, Information Systems and relevant experience in IT, CISSP, CEH are a plus                                           
• 3+ years of Pen Testing / Application, Network, System Security Assessment, Ethical Hacking
• Experience in the Application environment of an international corporation in a multicultural environment
• Specialist in security technologies. Web based security technology and complex Pen Testing is mandatory
• Experience with Acunetix, Burp Suite and other similar tools
• Knowledge of Security Management standards such as OWASP, NIST, ISO, Cloud Alliance.
• 1+ years of Project Management experience
• Technical background, structured approach, ability to work with internal and external providers, autonomous in his / her work
• Fluent English written and spoken                                   
• Analytical/problem solving ability
• Strong verbal, written communication and presentation skills
• Excellent team player and communication skills.
• Analytical, organised and efficient.
• Sets priorities to meet objectives.
• Comfortable working in a fast paced and dynamic work environment
• Someone who can bring fresh ideas with a self-driving attitude.

What are the next steps - Recruitment Process:

• We will make sure to provide feedback on your application within 2 weeks after the application deadline